Seven Paths to Regulating Privacy

I am not only retired from all public employments, but
I am retiring within myself, and shall be able to view
the solitary walk and tread the paths of private life
with heartfelt satisfaction.

—George Washington, letter to the Marquis de Lafayette, 1784

That is one view of privacy. Here is another:

We must all watch one another.
—Rev. Robert Browne, guiding principles, 1582

Browne was an Anglican minister, and his dark view of the human spirit as weak and prone to wickedness without the constant “support” of a community of spies and informers had enormous influence on the New England Puritans. Both quotations are drawn from Robert Ellis Smith’s essential study of the history of privacy in America, Ben Franklin’s Web Site.

Those two deeply rooted but antagonistic approaches to privacy have simmered together for centuries, but today converging forces in politics, technology, commerce and law have brought them to a boil. We offer seven policy recommendations that would help preserve Washington’s idyllic picture of private life without having to endure Browne’s nightmare.

1. Restore the role of the Foreign Intelligence Surveillance Act (FISA) court in issuing warrants for wiretapping. Targeted wiretapping approved by a warrant is essential for fighting crime and terrorism. But the amendment to FISA that Congress approved this past July could violate the rights of innocent people. There was no need to extend the period of emergency, warrantless wiretapping from three days to seven. And the re­­duced oversight by the FISA court under the new law amplifies the risk of error or abuse in authorizing wiretaps.

2. Deny the Federal Bureau of Investigation’s proposal to require all “telephone” capabilities of the Internet to be “wiretap-ready.” True, many telephone conversations are being partly routed over the Internet—not only by services such as Skype but also by the nation’s cell phone carriers. But granting the FBI’s proposal would have such crippling side effects that it would do much more harm than good. One key reason for opposing it is that such wiretap capability could open up a new backdoor entry to the Internet, which the nation’s enemies could then exploit.

3. End the secrecy surrounding the Cyber Initiative. To protect the Internet from such attacks, the Bush administration has launched a “Cyber Initiative,” a program that could end up costing billions of dollars. The initiative clearly aims to conduct widespread surveillance of Internet traffic, yet plans for it are so hush-hush that there has been little or no public debate about it. Plenty of discussion about other kinds of defense spending has taken place without tipping off the enemy; here, too, debate is needed.

4. Grant people control over their own medical information. Patients should be able to determine who sees which parts of their personal medical and genetic records—with one exception. Once proper safeguards are in place to protect individuals, the information should be made available anonymously for studies in medicine and public health.

5. Encrypt and control all records. Organizations that store personal information—including those that hold biometric data and data generated by radio-frequency identification (RFID) tags—must keep it from falling into the wrong hands. The threat of lawsuits as well as criminal sanctions through tougher privacy laws is needed to enforce this obligation.

6. Regulate the use of RFID tags. When RFID tags are embedded in a retail product, they should be disabled once the shopper has paid for the product. Even if they store nothing more than a serial number, they enable anyone who carries such a tag to be followed surreptitiously. If they must remain readable—as in licenses, passports, and the like—their presence should be disclosed to the carrier. If the tags store personal information, including information about time and place, it should be encrypted and the carrier should be warned about its presence.